Drongo_III

So the moral of the story is just use PDO then. Out of interst, why are prepared statement considered so SQL-injection-proof? Is it simply because they automatically escape the data? Or is it because they don't allow people to append new queries through user data?

Out of interest so i understand this patttern (as my regex is a bit rusty): $match = '/@([^\s]+)/'; This pattern says: find instance of '@' then match anything that isn't a space after the @? Tis very clever if that's the case - regex really is quite something.

OH and you'd also have to change $name = substr($matches[0], 2); Because now it needs to look two characters from the start instead of one. Then it should all work again!

Just need to change the pattern to: '/\s@[a-zA-Z]+/'; Oh and add a space before $name in $stringtwo $stringtwo = "<a href='' class='profile_name' id='name'> $name</a>";

Thanks Kevin!

Probably not the most efficient way of doing it but it works... $string = "hey whats up @sam how are you doing"; $pattern = '/@[a-zA-Z]+/'; preg_match($pattern, $string, $matches); $name = substr($matches[0], 1); $stringtwo = "<a href='' class='profile_name' id='name'>$name</a>"; //$string contains new string with link changed to name dynamically $string = str_replace($matches[0], $stringtwo, $string);

Ahh well there you go And yeah I would favour regex if looking for something dynamic but the post seemed to suggest @sam was the term - so maybe i misread The difference in speed is huge, but str_replace will only match static data. Regular expressions allow for patterns to be found.

Either use regular expression or use the str_replace() function. That takes a search term, a replacements term and the string you want to work on. I've heard it's quicker than using preg_replace with regex but it's probably such a nominal difference that it's not worth worrying about.

Also is it a good idea to straight include unescaped $_POST data in your queries? Just a thought.

Check out this tutorial on youtube. He does exactly what you're after.

I'm just learning PDO as it seems to be recommended as the most secure way to query mysql. Through reading a tutorial it suggested that if you use prepared statements with bound queries you do not need to escape or quote user data. So if i ran: $pdo->prepare('SELECT * FROM users WHERE username = :username'); $pdo->execute(array(':username' => $_GET['username'])); Does it mean that PDO will automatically escape the data? And therefore when using PDO you don't have to do anything with user data you're sendingt the database? Or do I have this wrong? Really keen to understand this so I don't inadvertently bugger anything on my server. Thanks, Drongo

You're a genius. That worked perfectly. I'd like to understand why that happens though. How do new lines outside of the php tags end up affecting my output? Is it a quirk of using headers to output data?

Hi Guys I'm getting something really strange. Basically I have two files, one contains a link (to the other) and the other contains php that generates a simple csv. Link php <?php echo "download your file <a href='http://localhost/creatingcsv/download.php'>HERE</a>"; ?> CSV php <?php //sample array $test = array( array('name', 'address'), array('bilbo', 'bagins') ); //Generate headers for csv $implosion = implode(',',$test[0]); //Add new line $implosion .= "\n"; //Generate csv row of data $implosion.= implode(',', $test[1]); //call function to output data download($implosion); function download($implosion){ header("Content-type: text/csv"); header("Content-Disposition: attachment; filename=file.csv"); header("Pragma: no-cache"); header("Expires: 0"); echo $implosion; } ?> Nothing radical there. But in the csv php file if the <?php tag isn't on line one then the csv generates with new lines above the header data - in the actual csv file that is output. So if I go into csv php file and hit return five times, above the <?php tag, I end up with five empty rows before the data in the csv. Can anyone tell me why this is happening? Dongo

Yeah as above. I usually make the noob mistake of naming the database instead of the table in the query - which naturally makes it fail.

Ah spotted my mistake. Should have been: echo $xml->children("f", true)->name; Now it displays correctly. Thank you for introducing me to that. Think i need to spend a little time practicing

Stick with me on this I might be a little slow... I've done this: echo $xml->name->children("f", true)->name; Based on what i understand from what you said. But it returns an error: What am i doing wrong?

Ahh i see. Very interesting technique. I think for my simplistic purpose i shall use a map but it's really interesting to hear about more complex ways of doing it - in the right scenario.

Hi guys I am trying to access an xml file from youtube that uses name spaces but when i try to access these elements I seem to get nothing back. As a simplified example: My XML <?xml version='1.0' standalone='yes'?> <movies xmlns:f="hppt://www.test.org"> <f:name>hello</f:name> </movies> I want to access the value of the f:name element so I do this: $xml = simplexml_load_file('myxml.xml'); echo $xml->{'f:name'}; But it doesn't echo anything to the page. So I must be doing something wrong but I'm a bit stuck on what that is... The only thing I am struggling with are these elements with namespaces (colons). Any help would be appreciated! Drongo

Wow that sounds complicated. Can I ask why you wouldn't just use an image map?

You can't apply a style to tr tags as far as i know. Can you explain a bit more?

BTW I typoed the inner div closing tag.

Can you explain a little more what you're trying to achieve? Is it that you want the purple header to be horizontally scrollable? If so, try something like this: <div style="width: 400px; height: 200px; overflow: hidden; overflow-x:scroll;border: 1px solid #000;"> <div style="height: 100px; width: 5000px; border: 1px solid red; margin-top: 30px;"> THIS IS WHERE YOUR CONTENT GOES <div/> </div>

This is probably a really dumb question. I need to make an image link, that's part of a bigger image, a diagonal link. What do you think is the best way to do this? Image map? Or is there a better way? Incidentally I'm reluctant to use css transform because the site needs to cater for at least IE7-IE8 and this is just intended to be a temporary holding page so don't want to create multiple style sheets etc. Any suggested techniques would be welcome

Hi Adam That makes a lot of sense now. Thank you so much for taking the time. I think the php version especially helped me to get it as JS isn't my strongest point! BIG thanks for your time! Drongo

Hi Adam Thanks for your response. Bear with me whilst i try to understand this. Your code works perfectly but I don't quite follow what's going on. Is this right... In your code the key for the 'options' array takes on the value of 'theSide' var, which equals 'marginLeft'. Then we give that key a value of 400. But how does simply writing 'options' then translate into something equivalent to animate({marginLeft:400}, 400); Or is it a javascript thing that putting the name of the array in that context means that it gets printed as it's key and value pair?? I am a tad confused on this last bit. And if that is the key, could you have multiple values in the array and they'd all get interpreted? Thank you for you patience...i feel there is something quite fundamental i need to understand here...